[Samba] Domain join failure - error during DRS repl ADD: No objectClass found in replPropertyMetaData

Matthew Delfino mdelfino.list.samba at KNOCKinc.com
Mon Nov 23 15:51:20 UTC 2015

On 2015.11.23, at 8:32 AM, Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
> OK, try again, but this time, remove the <fSMORoleOwner> from the end of the command, this will dump the entire AD object, I am sure you will find that there is no 'fSMORoleOwner' attribute. This is your actual problem, why do you not have this FSMO role?
> You have however found a bug in the code, it should print an error message if no role owner is found.
> Rowland

Rowland, you nailed it. The 'fSMORoleOwner' attribute was indeed missing from:

	dn: CN=Infrastructure,DC=DomainDnsZones,DC=mycompany,DC=lan


	dn: CN=Infrastructure,DC=ForestDnsZones,DC=mycompany,DC=lan

I used Softerra LDAP Administrator 2015.2 to "Add/Modify Attribute…" under its "Entry" menu while the Infrastructure containers cited above were selected.

I made sure that the syntax of my entry was correct:

	CN=NTDS Settings,CN=DC00,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mycompany,DC=lan

And now I get what I expect:


	sudo samba-tool fsmo seize --role=all

This DC already has the 'rid' FSMO role
This DC already has the 'pdc' FSMO role
This DC already has the 'naming' FSMO role
This DC already has the 'infrastructure' FSMO role
This DC already has the 'schema' FSMO role
This DC already has the 'domaindns' FSMO role
This DC already has the 'forestdns' FSMO role


And this:


	sudo ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN=Infrastructure,DC=DomainDnsZones,DC=knockinc,DC=loc" -s base '(fSMORoleOwner=*)' fSMORoleOwner

# record 1
dn: CN=Infrastructure,DC=DomainDnsZones,DC=mycompany,DC=lan
fSMORoleOwner: CN=NTDS Settings,CN=DC00,CN=Servers,CN=Default-First-Site-

# returned 1 records
# 1 entries
# 0 referrals


Same output for the other one (ForestDnsZones).


	sudo ldbsearch -H /var/lib/samba/private/sam.ldb '(invocationId=*)' --cross-ncs objectguid

# record 1
dn: CN=NTDS Settings,CN=RHEA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=knockinc,DC=loc
objectGUID: 6ba7ca4f-291f-4ffe-8403-65fe26a8bfd2

# record 2
dn: CN=NTDS Settings,CN=ENCELADUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=knockinc,DC=loc
objectGUID: 7c40a9c3-be7e-44b5-b2d9-ebe7f97c0517

# record 3
dn: CN=NTDS Settings,CN=GANYMEDE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=knockinc,DC=loc
objectGUID: 98b9225b-a5b9-4351-84f8-253762772cc3

# returned 3 records
# 3 entries
# 0 referrals


The only other curiosity I have right now is, why are all the "whenChanged" attributes off between the DCs? Is that normal after a certain version of Samba, post v4.1.6?

Thanks again, Rowland!


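The check discussed in this message, as an added example that is not part of the original post or of Samba: a filter that reads `ldbsearch` LDIF output, rejoins folded lines, and lists every record that has no `fSMORoleOwner`. The function names, the `example.com` sample records and the single-domain-forest layout in `fsmo_role_dns` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit ldbsearch output for role objects lacking fSMORoleOwner.

# The seven FSMO role objects for a base DN (assumes a single-domain forest).
fsmo_role_dns() {
    printf '%s\n' "CN=Schema,CN=Configuration,$1" \
        "CN=Partitions,CN=Configuration,$1" "$1" \
        "CN=RID Manager\$,CN=System,$1" "CN=Infrastructure,$1" \
        "CN=Infrastructure,DC=DomainDnsZones,$1" \
        "CN=Infrastructure,DC=ForestDnsZones,$1"
}

# Rejoin LDIF lines folded by ldbsearch (a continuation starts with one space).
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (have) print buf; buf = $0; have = 1 }
         END { if (have) print buf }'
}

# Read LDIF on stdin; print the dn of every record without fSMORoleOwner.
missing_fsmo_owner() {
    unfold_ldif | awk '
        function emit() { if (dn != "" && !owner) print dn; dn = ""; owner = 0 }
        /^dn: / { emit(); dn = substr($0, 5); next }
        tolower($0) ~ /^fsmoroleowner::? *[^ ]/ { owner = 1 }
        END { emit() }'
}

# Constructed sample input (example.com names are placeholders).
sample_ldif() {
cat <<'EOF'
# record 1
dn: CN=Infrastructure,DC=DomainDnsZones,DC=example,DC=com
fSMORoleOwner: CN=NTDS Settings,CN=DC00,CN=Servers,CN=Default-First-Site-
 Name,CN=Sites,CN=Configuration,DC=example,DC=com

# record 2
dn: CN=Infrastructure,DC=ForestDnsZones,DC=example,DC=com
objectClass: infrastructureUpdate
EOF
}

# Live use (search without the '(fSMORoleOwner=*)' filter so the dn is still returned):
#   fsmo_role_dns "DC=example,DC=com" | while read -r dn; do
#       ldbsearch -H /var/lib/samba/private/sam.ldb -b "$dn" -s base fSMORoleOwner
#   done | missing_fsmo_owner
sample_ldif | missing_fsmo_owner
```

Any DN printed is a role object with no owner recorded, which is the condition that left `samba-tool fsmo` without a role owner to report in this thread.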
